From 0ba17ade477cda3cac9419f6b00996b3b45135c5 Mon Sep 17 00:00:00 2001 From: sfu5 Date: Fri, 17 May 2013 08:05:01 +0000 Subject: [PATCH] =?utf8?q?Fix=20a=20bug=20that=20=E2=80=9CSecureBoot?= =?utf8?q?=E2=80=9D=20varaible=20will=20be=20updated=20to=20NV+AT=20attrib?= =?utf8?q?ute=20incorrectly.=20Signed-off-by:=20Fu=20Siyuan=20=20Reviewed-by:=20Ni=20Ruiyu=20=20R?= =?utf8?q?eviewed-by:=20Dong=20Guo=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14375 6f19259b-4bc3-4df7-8a09-765794883524
---
.../DxeImageVerificationLib.c | 60 ------------------- .../DxeImageVerificationLib.inf | 3 +- .../RuntimeDxe/AuthService.c | 4 +- 3 files changed, 2 insertions(+), 65 deletions(-)
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 5bc29cf145..9e4bf8681b 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1347,53 +1347,6 @@ Done:
 return Status;
 }
-/**
- When VariableWriteArchProtocol install, create "SecureBoot" variable.
-
- @param[in] Event Event whose notification function is being invoked.
- @param[in] Context Pointer to the notification function's context.
-
-**/
-VOID
-EFIAPI
-VariableWriteCallBack (
- IN EFI_EVENT Event,
- IN VOID *Context
- )
-{
- UINT8 SecureBootMode;
- UINT8 *SecureBootModePtr;
- EFI_STATUS Status;
- VOID *ProtocolPointer;
-
- Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, &ProtocolPointer);
- if (EFI_ERROR (Status)) {
- return;
- }
-
- //
- // Check whether "SecureBoot" variable exists.
- // If this library is built-in, it means firmware has capability to perform
- // driver signing verification.
- //
- GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBootModePtr, NULL);
- if (SecureBootModePtr == NULL) {
- SecureBootMode = SECURE_BOOT_MODE_DISABLE;
- //
- // Authenticated variable driver will update "SecureBoot" depending on SetupMode variable.
- //
- gRT->SetVariable (
- EFI_SECURE_BOOT_MODE_NAME,
- &gEfiGlobalVariableGuid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
- sizeof (UINT8),
- &SecureBootMode
- );
- } else {
- FreePool (SecureBootModePtr);
- }
-}
-
 /**
 Register security measurement handler.
@@ -1409,19 +1362,6 @@ DxeImageVerificationLibConstructor (
 IN EFI_SYSTEM_TABLE *SystemTable
 )
 {
- VOID *Registration;
-
- //
- // Register callback function upon VariableWriteArchProtocol.
- //
- EfiCreateProtocolNotifyEvent (
- &gEfiVariableWriteArchProtocolGuid,
- TPL_CALLBACK,
- VariableWriteCallBack,
- NULL,
- &Registration
- );
-
 return RegisterSecurity2Handler (
 DxeImageVerificationHandler,
 EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
index dd03b0bf8a..0c6ab968f0 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
@@ -7,7 +7,7 @@
 # This external input must be validated carefully to avoid security issue like
 # buffer overflow, integer overflow.
 #
-# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -59,7 +59,6 @@
 gEfiFirmwareVolume2ProtocolGuid
 gEfiBlockIoProtocolGuid
 gEfiSimpleFileSystemProtocolGuid
- gEfiVariableWriteArchProtocolGuid
 [Guids]
 gEfiCertTypeRsa2048Sha256Guid
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 440ede9144..7da0d63aba 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -675,7 +675,6 @@ UpdatePlatformMode (
 {
 EFI_STATUS Status;
 VARIABLE_POINTER_TRACK Variable;
- UINT32 VarAttr;
 UINT8 SecureBootMode;
 UINT8 SecureBootEnable;
 UINTN VariableDataSize;
@@ -736,13 +735,12 @@ UpdatePlatformMode (
 }
 }
- VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
 Status = UpdateVariable (
 EFI_SECURE_BOOT_MODE_NAME,
 &gEfiGlobalVariableGuid,
 &SecureBootMode,
 sizeof(UINT8),
- VarAttr,
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
 0,
 0,
 &Variable,
-- 
2.39.2
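Review bot: The attribute mask passed to `UpdateVariable` on the new side of the `@@ -736,13 +735,12 @@` hunk is an unexplained literal, and nothing in the hunk records why "SecureBoot" must carry exactly EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS; a why-comment above the call would keep a later edit from reintroducing NON_VOLATILE or AUTHENTICATED_WRITE_ACCESS, e.g. `// "SecureBoot" is volatile BS+RT only: it is rederived from SetupMode on every boot and must not be persisted or settable through an authenticated write.` A variable store written by firmware built before this fix may still hold a non-volatile "SecureBoot" record; whether this call replaces that stale copy or leaves it in place depends on how UpdateVariable treats an attribute mismatch with the record found in `Variable` (the lookup is outside the hunk), so that upgrade path is worth a test. The "SetupMode" write earlier in UpdatePlatformMode is also outside the hunk and presumably deserves the same attribute review. The UpdateVariable call and the enclosing UpdatePlatformMode continue past the end of the hunk.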